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CUSTOMER CONFIGURES 
OUTER VPN CONNECTION 
WITH VPN NAT 



100 



CLIENT SENDS IKE 
PACKET ON OUTER 
CONNECTION (TO 
SET UP INNER 
CONNECTION) 
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GATEWAY RECEIVES 
IKE PACKET AND SETS 
UP TO RECEIVE A 
FUTURE NESTED 
CONNECTION 
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GATEWAY KERNEL 
OBTAINS CLIENT IP 
ADDRESS FROM IKE 
PACKET ON OUTER 
CONNECTION 
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X 108 
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START INNER 
CONNECTION 
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X 110 



FOR OUT SA, GATEWAY 
PROPAGATES VPN NAT 
RULE FROM OUTER TO 
INNER TUNNEL WHEN 
INNER TUNNEL IS 
STARTED 

X 



AT GATEWAY, OUTBOUND 
PACKETS HAVE VPN NAT 
APPLIED, THEN 
ENCAPSULATED IN INNER 
TUNNEL, THEN IN 
OUTER TUNNEL, THEN 
SENT OUT OF GATEWAY 

— \ 

x 114 



AT GATEWAY, IF PACKET 
HAS IPSEC HEADER, 
DECAPSULATE IT. 



ELSE, GO TO STEP 124 
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IF THERE IS A VPN 
RULE FOR THIS 
CONNECTION, SAVE 
A COPY OF THE VPN 
RULE 




IF THERE IS A SAVED 
VPN NAT RULE, APPLY 
IT TO THE PACKET 



X 122 
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SEND PACKET ON TO 
ITS DESTINATION 

X 



124 
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FIG. 4 



